Changelog for 2005
0.5.70 alpha 3 (2005-12-27)
- Many fixes for UTF-8 support in vuurmuur_conf.
- Improved connection viewer, which supports showing accounting data per connection.
- Vuurmuur, vuurmuur_log and vuurmuur_conf now also have long options thanx to Stefan Ubbink!
- Added manual pages for vuurmuur, vuurmuur_log, vuurmuur_script and vuurmuur_conf.
- Many fixes for manipulating an empty ruleset.
0.5.70 alpha 2 (2005-12-18)
- UTF-8 support for translations in vuurmuur_conf
0.5.70 alpha 1 (2005-12-07)
- Made the logging of INVALID packets, SCAN probes, new TCP no SYN and fragments optional.
- Synlimits and udplimits are now enforced against accepted and queued connections, not against all packets.
- Added a -k (keep) option to the 'vuurmuur'-command, that does not remove the input file for iptables-restore. Useful for debugging.
- If you change the devicename, the interface will automatically be set 'virtual' if the devicename contains a ":"-character.
- Added a fix for vuurmuur_conf not being able to use any other path for its config than /etc/vuurmuur/vuurmuur_conf.conf
- The rpm specs now also support Fedora Core, Mandriva and Redwall. Thanx Alex!
- Added Norwegian translation. Thanx Per Olav Siggerud!
- Fixed a crash in saving the vuurmuur_conf settings if the configfile could not be found.
- No changes since alpha 6.
0.5.69 alpha 6 (2005-11-15)
- Fix a bug with saving rule comments. Thanx for reporting TigerP@irc!
- Fix building of debian packages.
0.5.69 alpha 5 (2005-11-10)
- Added a fix for systems without nat not working.
- Fixed a bug where long chain names could cause a segmentation fault.
- Added rc.vuurmuur and README.SLACKWARE files written for Slackware by Nicolas Dejardin.
- Updated Brazilian Portuguese translation.
0.5.69 alpha 4 (2005-11-06)
- Updated Russian translation.
- Added a French translation.
- Fix interfaces network_refcnt not being updated on network removal. If you removed a network with interfaces attached to it, you could no longer remove the interfaces.
0.5.69 alpha 3 (2005-11-01)
- Large translation update to reduce the number of translatable strings.
0.5.69 alpha 2 (2005-10-20)
- Hugo updated the Brazilian Portuguese translation.
- Alex wrote spec files for rpm support.
- Some changes to the build process to support the rpm-building.
0.5.69 alpha 1 (2005-10-11)
- Fixed a bug with renaming a network. It could cause an error when updating the rules with the new name. Thanx Hugo for the report.
- Fixed another case where a portfw connection looked like an incoming connection.
- Really fixed the "Broken Pipe" messages this time: let me know if the fix has negative side-effects.
- Virtual interfaces are no longer shown in the status screen.
- Fixed a bug where loglines were sometimes followed by an extra newline in the logviewer.
- Real userid is now determined on startup (the user before su/sudo).
- Added a separate audit.log, in which all configuration changes are logged, including the username.
- No changes since alpha 10.
0.5.68 alpha 10
- Hugo updated the Brazilian Portuguese translation.
- Very minor update to the Dutch translation.
- Fixed the status about the system not being properly updated.
- Fixed debs not installing services properly.
- Fixed a crash that would occur when switching on the 'draw status in main menu option'.
- Alex updated the Russian translation.
0.5.68 alpha 9
- Fixed apply in vuurmuur_script hanging when vuurmuur and vuurmuur_log are not running.
- Added the --list-blocked option to vuurmuur_script. Written by Adi Kriegisch.
- Fixed the logging missing newline and thus making a mess of the logfiles.
0.5.68 alpha 8
- Added --block and --unblock options to vuurmuur_script. Written by Adi Kriegisch.
- Added a fix for vuurmuur_conf to compile on Fedora Core 4 (gcc4).
- Fixed the autopackage installing the services in a wrong path.
- Non-existing hosts/groups that are in the blocklist are now loaded into Vuurmuur_conf, so they can be removed there.
- The traffic volume section now hides virtual interfaces to save space for people with lots of them. No data was displayed for them anyway.
- Added --apply option to vuurmuur_script, that tries to apply the changes immediately.
0.5.68 alpha 7
- Fixed a buggy indicator introduced in alpha 6.
- Added logfunctions that both log and print to stdout.
- Updated Dutch translation.
- Really fixed the installer to copy the services this time.
- Added a fix that should fix installing the autopackage on Suse 8.0 systems.
0.5.68 alpha 6
- Added indicators to lists with items that don't fit on the screen, so the user knows there are more items.
- Fixed the installing of the services in the config on a new source install.
- Updated Brazilian Portuguese translation. Thanks Hugo!
- Added input validation to vuurmuur_script.
- Combined the three autopackages to one package.
0.5.68 alpha 5
- Fixed another bug with the rules, also introduced in alpha 3.
- Disabled the 'old create method' because it is difficult to test and maintain.
- Added support for binreloc which is needed in preparation of future Autopackage support. It can be enabled in ./configure with --enable-binreloc
- The readme and install docs are now installed to (datadir)/doc/vuurmuur
- Added Russian translation of the docs. Thank you Alex!
0.5.68 alpha 4
- Fixed a bug introduced in alpha 3 that caused the rulesfile to become unreadable.
0.5.68 alpha 3
- The installer should no longer fail to --install when the etcdir already exists.
- Renamed sepparator to separator.
- The 'interface up' information should be more reliable.
- Added a warning to the edit_host screen when no ipaddress is filled in.
- The device of an interface is now stored as 'DEVICE' instead of as 'INTERFACE'.
- Changes made to an interface in Vuurmuur_conf are now logged.
- Renamed Bandwidth to Traffic Volume.
- Fixed a broken pipe error in the Vuurmuur_conf Status Section on Gentoo systems. Thanks for the report Sebastian.
- Added some input validation to vuurmuur_script.
0.5.68 alpha 2
- Plugins are now stored in (libdir)/vuurmuur/plugins, the plugin config in (sysconfdir)/vuurmuur/plugins. Removed the plugindir option.
- Helpfiles are now stored in (datadir)/vuurmuur/help.
- If you are using a translation of vuurmuur_conf, the helpfunction will try to open a translated helpfile first.
- When creating a new service, it is now checked if a service with the same name already exists.
- Fixed some bogus warnings when creating the hash-table for the connections section.
- The status section no longer loads the hash, because it wasn't used at all.
- Fixed portfw/dnat connections looking like incoming connections in the connection viewer.
- Slight cosmetic fixes to the helpfile.
- Moved the backupscript from the libvuurmuur to the vuurmuur debian package.
0.5.68 alpha 1
- Implemented the 'print', 'add', 'delete', 'rename' and 'modify' command in vuurmuur_script.
- When the rules are stored all " are encoded to \" and decoded when they are loaded.
- Fixed a bug where an item added to the blocklist from the logviewer was not saved.
- Added support for rules for acting as a dhcp-server or as a dhcp client.
- Added support for protocol ipv6-over-ipv4 passthrough (protocol number 41).
- After changes were made to the services, the backend status is updated.
- All protocols are now logged in the trafficlog.
- Fixed a bogus 'internal error' message when trying to add a new group. Reported by Alex. Thanx!
- The mangle and nat table are now properly cleaned on reloading. Thanx for the report Adi.
- Changed the screen update function in the logviewer from wrefresh() to update_panels() + doupdate().
- Added a per-rule option to limit the rules. A burst rate can also be supplied.
- Vuurmuur_conf now checks if an interface is up every time you enter the 'edit interface' screen. The interface up? is also displayed a little different.
- A German translation was contributed by Holger Ohmacht. Thank you Holger!
- Implemented the list command in vuurmuur_script.
- Some of the services supplied with Vuurmuur had malformed comments, which could cause a 'buffer overflow' error message. Thanx for reporting Adi!
- Installation should no longer fail if the command 'which' is not installed.
- The main menu, config menus and the select boxes in the edit rule screen now all remember the position of the cursor.
- Added gettext to the build-depends of the vuurmuur_conf debian package.
- Cut off all lines in the helpfile at 80 chars to aid translators.
- The Debian packages and the source installer now first backup your current config. Contributed by Adi Kriegisch.
- Fixed memory leaks in Vuurmuur and Vuurmuur_conf.
- Vuurmuur no longer detects changes in the rules when there are none.
- Rules and blocklist files are now created if missing. This should fix bugs introduced in 0.5.65.
- Trying to add a host or group to the blocklist while no hosts/groups have been defined yet no longer results in a crash.
- Fixed the installer checking the wrong etc-dir.
- Added 'F6:interfaces' to the menu in edit network, so it is clear that the interface of a network can be edited using F6.
- Updated the Russian translation. Thanx Alex!
- Fixed setting the wrong plugin path when installing the Debian packages.
- Change priority of permission warnings to info, so they appear in the log, but no longer as annoying popups.
- Fixed another bug in the installer which caused the rules- and blocklistcovert functions to be called needlessly and with the wrong parameters.
- Added support for transparent proxies by allowing redirect rules to have a non-firewall destination as well.
- Merged the libvuurmuur and plugins source trees, and vuurmuur and vuurmuur_log source trees.
- Improved detection and reporting of problems in the configuration.
- If opening the backends failed when starting Vuurmuur_conf, the user can now edit the config instead of just exiting.
- Moved the rules and the blocklist into the pluginstructure.
- Added a new 'Chain' action, which enables support for chains left alone by Vuurmuur. Only packets with state NEW will be sent there. The chains will be created if they don't exist.
- Fixed a crash with trying to add a member to a group when there are no hosts in that network. Thanx for the report Heiko!
- Added an about screen in Vuurmuur_conf.
- Added 'firewall(any)' which is useful for creating INPUT rules where you need to connect to the external ipaddress of the firewall from your lan.
- In the rules section you can now add horizontal lines with the L key. Press enter on a line to add a comment to it.
- Fixed some bugs in the rule parser.
- Changed the way the topmenu is drawn, so it will be easier to change it.
- Removed the ESC key in Vuurmuur_conf as a key to quit because there is a delay between pressing it and the action that needs to follow it.
- Fixed a confusing error message when not all required fields of a rule are filled in. Thanx for the report Edgar.
- Vuurmuur now creates the logdir if it doesn't exist.
- Vuurmuur_log now removes its pidfile when it receives a sigterm. Thanx for the report Holger.
- The macaddress is now properly checked and saved in Vuurmuur_conf. Thank you for reporting Heiko.
- Added the ability to show the loglines that don't match the filter string.
- Added the possibility to filter in the connections screen.
- Snat rules can now also limit the interface which will be used.
- Disabled the --test run of iptables-restore, since it did not work correctly on Debian Woody, and iptables-restore works atomically, so there is no real need for the test.
- Added a Brazilian Portuguese translation contributed by Hugo Ribeiro. Thanx Hugo!
- Vuurmuur_log no longer fails to create a logfile.
- Really fixed the MASQ action this time.
- Fix compilation on Mandrake 10.0 and possibly on other distros with older versions of automake. Thanx for the report Raldnor.
- Fixed a bug where setting the Mark option caused Vuurmuur to create too many iptables rules.
- Fixed a bug where a rule with action LOG also had log option set, resulting in double iptables rules.
- Fixed some bogus warnings when reloading the blocklist.
- Fixed a crash in the Zones Section of Vuurmuur_conf. Thanks for reporting Hugo and Edgar.
- Support on the system for the mangle table and the nat table is no longer a requirement.
- Renamed special service 'all' to 'any'.
- Added a special zone 'any'.
- Fixed a bug where adding a network gave an error while it actually succeeded.
- Fixed two tiny memory leaks in Vuurmuur_conf.
- Added a Russian translation for Vuurmuur_conf. Thanx for your contribution Aleksander!
- Changed logrotate script to send a SIGHUP to vuurmuur_log after rotating.
- Fixed a bug in the install script. Thanx for the report Alex.
- Fixed a bug where adding a host to the blocklist crashed vuurmuur_conf if the blocklist location was not set.
- Fixed a bug with loading a malformed traffic.log in Vuurmuur_conf.
- A portrange can now also be changed.
- Updated the helpfile for the services.
- Improved reliability of vuurmuur_log.
- Fixed two possible crashcases in libvuurmuur. Thanks for the report Raldnor!
- Improved the checking of the name entered when adding or renaming a host, group, network or zone. Thanks for the report Raldnor!
- Fixed a bug where a MASQ rule ignored the service, and thus applied to all services.
- All important modules are now on the MODULES_TO_LOAD line in the vuurmuur initscript.
- '?' can now also be used to call the help screen.
- Logging of blocklist violations can now be disabled.
- UDP-limit and SYN-limit can now be disabled.
- Files with invalid names in the backend are now silently ignored.
- Vuurmuur_log no longer misses loglines added to the log while reloading.
- Speeded up Vuurmuur_log reloading.
- If applying the changes failed, vuurmuur_conf now prints an error and updates the status to 'warn'.
- All configuration changes made in Vuurmuur_conf are now logged.
- Added a nfmark option to the rules. Rules can now be marked for use with traffic shaping tools. Use 0 - 9 999 999 for accept rules, and 20 000 000 - 29 999 997 for QUEUE rules.
- Because of this, the marks used with markiptstate are also changed: 29 999 998 for new,related, 29 999 999 for established.
- Vuurmuur_conf now supports internationalisation, and comes with a full Dutch translation. Translators for other languages are welcome!
- Vuurmuur now has a -t commandline switch that will disable the capability checking. This will assume all iptables features are supported.
- Using REJECT with tcp-reset together with the protocol 'all' now works correctly: tcp connections will be reset, others result in an icmp-port-unreachable.
- Fixed portfw rules with the remoteport option set. Thanks for the report Phil!
- In Vuurmuur_conf in the rules section '+' and '-' can now be used to move a rule down and up.
- Added an option to copy (duplicate) the current rule in the rulessection.
- Fixed an obscure bug when forwarding a service with the broadcast option set to a group.
- If Vuurmuur cannot determine all caps, ip_queue is now still checked.
- Added a network reference counter to the interfaces. It must be 0 before an interface can be removed.
- Added -m tcp, -m udp or -m icmp to rules so iptables-restore should now work on Debian Woody.
- Zones, networks, groups, hosts, interfaces and services can be renamed.
- Fixed the status section not being displayed on a small screen with too many interfaces.
- The interfaces section can now handle more interfaces than will fit on the screen.
- The bandwidth usage can now be viewed in Vuurmuur_conf.
- Vuurmuur now uses -D for daemon-mode instead of -l (-l can still be used though).
- Performance of the rulessection when using a filter was much improved.
- Fixed compilation warnings on Mandrake 10.1.
- When a ruleset fails to load, the tempfile is no longer removed, so it can be inspected.
- The iptables option --log-tcp-options is now supported, for use with PSAD 1.4.0.
- Vuurmuur now tries to send a SIGHUP to vuurmuur_log when the interfaces have changed.
- Groups and Hosts now have a blocklist referencecounter, so adding it more than once will result in a warning. Also you must now remove it first from the blocklist before the host/group can be removed.
- libvuurmuur's ./configure now takes an option --with-config-dir=DIR which can be used to set the default config dir.
- Fixed a tiny memory-leak in the capability-checking code.
- Added support for creating debian packages from the source. This makes building debs for other archs possible.
- Added support for bandwidth monitoring using IP Traffic Volume: http://iptrafficvolume.sourceforge.net/
- Fixed a bug with virtual devices and the markiptstate option.
- Vuurmuur-log now also does a reverse check on the service if no service is found by a normal check.
- A new interface by default now has all protection rules set.
- Created a wrapper for set_field_buffer() because on Mandrake 10.1 it didn't accept our input.
- Added '-m tcp' to all rules containing '--tcp-flags' and '--syn' because otherwise iptables-restore didn't work on Debian Woody.
- If the vuurmuur_conf.conf file is missing, a default is now used.
- Big updates to the helpfile.
- The backend no longer acts weird if it encounters a directory where it expected a file.
- The version of the backendplugin is now passed to Vuurmuur.
- Fixed loglevel again :-( this time the changed log-level (in ruleset-mode) was not applied.
- Hosts now have a reference counter for groupmembership. When a host is still a member of a group, it can't be deleted.
- The option that checks for changed dynamic interfaces now also checks if the interface was just brought up or down.
- A dynamic ipaddress that is down is no longer set inactive by Vuurmuur.
- Increased the default udplimit-burst value to 45.
- Added several new services.
Older changelogs: 2004